{ "CVE_data_meta": { "ASSIGNER": "PSIRT@sonicwall.com", "ID": "CVE-2018-9867", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SonicOS", "version": { "version_data": [ { "version_value": "5.9.1.10 and earlier" }, { "version_value": "6.2.7.3" }, { "version_value": "6.5.1.3" }, { "version_value": "6.5.2.2" }, { "version_value": "6.5.3.1" }, { "version_value": "6.2.7.8" }, { "version_value": "6.4.0.0" }, { "version_value": "6.5.1.8" }, { "version_value": "6.0.5.3-86o" } ] } }, { "product_name": "SonicOSv", "version": { "version_data": [ { "version_value": "6.5.0.2-8v_RC363 (VMWARE)" }, { "version_value": "6.5.0.2.8v_RC367 (AZURE)" }, { "version_value": "6.5.0.2.8v_RC368 (AWS)" }, { "version_value": "6.5.0.2.8v_RC366 (HYPER_V)" } ] } } ] }, "vendor_name": "SonicWall" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285: Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017", "refsource": "CONFIRM", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017" }, { "name": "https://www.tenable.com/security/research/tra-2019-08", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2019-08" } ] } }